[PATCH] tis authserv support

Balazs Scheidler bazsi at balabit.hu
Sat Dec 9 05:15:04 EST 2000


On Fri, Dec 08, 2000 at 12:09:28PM -0600, Mark D. Roth wrote:
> On Fri Dec 08 14:40 2000 +0100, Balazs Scheidler wrote:
> > Our patch doesn't link to fwtk's libauth.a, but uses its own implementation 
> > of the protocol, and fetches configuration options from sshd_config.
> 
> Hrmm.  What are the advantages of that setup?  I may be missing
> something, but it seems to me that it would make more sense to use the
> existing API so that the application is shielded from the protocol
> details.  It also seems preferable to specify the auth servers in
> TIS's netperm-table file so that you don't have to list the same
> servers in a different config file for every program which talks to
> the auth servers.
> 
> Are there problems with this setup which I'm missing?  If so, please
> let me know.  Thanks!

What if neither fwtk nor gauntlet is installed on the server? We implemented
this patch primarily to allow CryptoCard authentication on servers with
sshd running. They were not firewalls, just simple servers.

Another reason against fwtk/gauntlet is its license. Our patch is 100% free
software, licensed under the BSD license.

> (BTW, the patch I posted allows the administrator to choose between
> S/Key and TIS authentication at run-time.  It also supports the
> sshd_tis.map file for compatibility with the commercial ssh
> implementation.)

Apart from the need for fwtk libraries, I like the features you implemented.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt





More information about the openssh-unix-dev mailing list